Meandering thoughts of the Knight household, mostly work and technology related guff.

Thursday, April 29, 2010

Installing a Wildcard Certificate Using SBS 2008 Console

I needed to install a wildcard certificate into an SBS 2008 install. After acquiring the wildcard certificate, I imported it into the Personal certificate store for the Computer Account, as per the instructions in “How do I import an existing trusted certificate?” (found by opening the SBS 2008 Console, clicking on Network, then the Connectivity tab, and then the Certificate entry under Web Server Certificate).

Once I’d done that, I launched the Add A Trusted Certificate wizard. The problem was that it would only show the self-generated certificate for the SBS 2008 install and not the wildcard certificate.

I got to thinking that a setting somewhere was restricting it to the domain and RWW prefix set in the Internet Address Management wizard, so I went hunting and found a solution.

The workaround is to open up regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Networking.

In here you’ll find the two entries that dictate which certificates are displayed in the Add A Trusted Certificate Wizard – PublicFQDNPrefix and PublicFQDNProvider.

To get a wildcard certificate displayed in the wizard you’ll need to change PublicFQDNPrefix to *.

Make a note of the original value, as you’ll need to put it back once you’ve installed the wildcard certificate.

Now open up the SBS 2008 Console, click on Network, click on the Connectivity tab and run the Add A Trusted Certificate Wizard. You’ll now be able to see the wildcard certificate and install it.

Once you’ve successfully installed the certificate, go back to regedit and change PublicFQDNPrefix from * back to its original value.
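The registry change and restore described above, as an added PowerShell example that is not part of the original post. It assumes PowerShell 2.0 or later in an elevated session on the SBS 2008 server; the backup file name is made up for the example.

```powershell
# Added example, not the original author's code.
# Assumes PowerShell 2.0+ (try/finally) and an elevated session on the server.
$key  = 'HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\Networking'
$name = 'PublicFQDNPrefix'

# List wildcard certificates in the Computer Account's Personal store so you can
# confirm the import worked before touching the registry.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject.Contains('CN=*.') } |
    Format-List Subject, NotAfter, HasPrivateKey, Thumbprint

# Read the current prefix. If it is already '*', an earlier run was interrupted
# and the real value is gone from the registry, so stop rather than save '*'.
$original = (Get-ItemProperty -Path $key -Name $name).$name
if ($original -eq '*') {
    throw "$name is already '*'. Restore it from your note or backup first."
}

# Keep a copy on disk in case this session is closed before the restore runs.
# The file name is a placeholder chosen for this example.
$backup = Join-Path $env:TEMP 'PublicFQDNPrefix.original.txt'
Set-Content -Path $backup -Value $original
Write-Host "Original $name '$original' saved to $backup"

try {
    # Temporarily widen the filter so the wizard lists the wildcard certificate.
    Set-ItemProperty -Path $key -Name $name -Value '*'
    Read-Host 'Prefix set to *. Run the Add A Trusted Certificate wizard, then press Enter' |
        Out-Null
}
finally {
    # Always put the original value back, even if the step above was aborted.
    Set-ItemProperty -Path $key -Name $name -Value $original
    $current = (Get-ItemProperty -Path $key -Name $name).$name
    if ($current -eq $original) {
        Write-Host "$name restored to '$original'"
    } else {
        Write-Warning "$name is '$current', expected '$original'. Fix it in regedit."
    }
}
```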

I'm seeing problems with a GoDaddy Wildcard SSL renewal - have resorted to removing the original cert and re-importing, followed through your notes above and everything reports OK in the wizard but RWW still shows the old and now expired SSL?

I did exactly as per the instruction on my SB 2008 and changed the required setting to * in the registry. But when I am running the wizard to "Add trusted Certificate", it still shows the old form and not the one to accept the wildcard certificate.

With your method I can select the wildcard certificate, but it still finishes with an error, saying that the certificate's web address does not match my website's address. Is there a solution for this?